filename.rules seems to be not up to date with Microsoft Q883260 #617

Open
flagmonkey opened this issue Oct 17, 2022 · 0 comments
flagmonkey commented Oct 17, 2022

We received an .mdb-file as an e-mail attachment. Wondering why this is possible I checked Microsoft Q883260, which says (or said, I kind of can't find the document right now):

Dangerous:

.mda
.mdb
...
.mdz

The MailScanner Default Rule says "deny .md[az]". I am wondering if this should be "deny .md[a-z]" as a best practice. We've also seen lots of trojans sent as .iso or .img-files, which are also not blocked by default.

This is what we added to the "Q883260 list"

deny    \.ade$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.adp$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.app$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.asp$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.bas$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.csh$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.fxp$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.inf$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.isp$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.ksh$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mat$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mdb$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mde$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mdt$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mdw$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.msc$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.msi$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.msp$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.mst$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.ops$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.pcd$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.prg$  Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.accdb$        Dangerous attachment type (according to Microsoft)      Dangerous attachment according to Microsoft Q883260
deny    \.iso$                  used for malware 2019                                   used for Malware 2019
deny    \.img   trojans      trojans
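
An added example, not part of the original issue and not MailScanner's own code: a small evaluator that shows which attachment names the character class `md[az]` denies compared with the range `md[a-z]`, and how the posted `\.img` rule behaves without a trailing `$`. It assumes tab-separated rule fields, first-match-wins ordering and case-insensitive matching; the function names and sample filenames are constructed for illustration.

```python
import re

# Constructed rule lines in the tab-separated layout used on this page:
# action, regex, log text, report text. Writing the default ".md[az]" rule
# with an escaped dot and "$" anchor is an assumption based on the rules above.
CURRENT = "deny\t\\.md[az]$\tDangerous attachment type\tDangerous attachment\n"
PROPOSED = "deny\t\\.md[a-z]$\tDangerous attachment type\tDangerous attachment\n"
# The .img rule as posted (no "$") next to an anchored variant.
IMG_POSTED = "deny\t\\.img\ttrojans\ttrojans\n"
IMG_ANCHORED = "deny\t\\.img$\ttrojans\ttrojans\n"


def parse_rules(text):
    """Parse rule lines into (action, compiled regex) pairs, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = [f for f in line.strip().split("\t") if f]
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        # Case-insensitive matching is an assumption made for this example.
        rules.append((fields[0].lower(), re.compile(fields[1], re.IGNORECASE)))
    return rules


def verdict(filename, rules, default="allow"):
    """Return the action of the first rule whose regex matches the filename."""
    for action, regex in rules:
        if regex.search(filename):
            return action
    return default


def denied(rule_text, names):
    """List the names a rule set would deny, in input order."""
    rules = parse_rules(rule_text)
    return [n for n in names if verdict(n, rules) == "deny"]


# Constructed attachment names covering the extensions named in the issue.
SAMPLES = ["a.mda", "a.mdb", "a.MDE", "a.mdt", "a.mdw", "a.mdz",
           "notes.md", "a.mdb.txt", "disk.img", "logo.img.png"]

if __name__ == "__main__":
    for label, text in [("current", CURRENT), ("proposed", PROPOSED),
                        ("img posted", IMG_POSTED), ("img anchored", IMG_ANCHORED)]:
        print(f"{label:13} denies {denied(text, SAMPLES)}")
```

`[az]` is a two-character set, so only `.mda` and `.mdz` are denied; `[a-z]` is a range and covers every single-letter suffix after `.md`.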